RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v3]
Anthony Scarpino
ascarpino at openjdk.org
Mon Feb 24 19:29:55 UTC 2025
On Mon, 24 Feb 2025 18:21:54 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 220:
>>
>>> 218:
>>> 219: // Checks if algorithm is disabled for the given TLS scopes.
>>> 220: public boolean permits(String algorithm, Set<String> scopes) {
>>
>> Is there a reason you decided to have the caller make it into a `Set<String>` instead of passing SSLCryptoScope down?
>
> We can't introduce new public API with this change, `SSLCryptoScope` isn't public.
Which public API is interfering with this?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1968298642
More information about the security-dev
mailing list